85 matches found
SICK Field Analytics和SICK Media Server 安全漏洞
SICK Field Analytics and SICK Media Server are both products of the German company SICK.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from a missing...
CVE-2023-36918
In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in...
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
IBM Concert 加密问题漏洞
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...
CVE-2021-32007 Missing security header: Referrer-Policy URL
This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers...
ALPINE-CVE-2024-9681
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
Siemens SINEC Traffic Analyzer Logic Flaw Vulnerability (CNVD-2024-35430)
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communications between controllers and IO devices. A logic flaw vulnerability exists in Siemens SINEC Traffic Analyzer, which stems from the application's lack of a regular HTTP security header in the web server,...
CVE-2024-30119
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
CVE-2024-30119
CVE-2024-30119 affects HCL DRYiCE Optibot Reset Station due to a missing Strict Transport Security (HSTS) header. Underlying issue allows potential interception or manipulation of data during redirection. CVSSv3.1/3.1 metrics indicate a base score of 3.7 (LOW) with Network attack vector, high att...
CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
GHSA-FWHR-88QX-H9G7 Missing security headers in Action Pack on non-HTML responses
Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...
vantage6 Security Vulnerabilities
vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions 4.2.0 and earlier that stems from not setting the security header...
Code injection
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
CVE-2023-46238 XSS with User Avatar image in ZITADEL
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
CVE-2023-46238 XSS with User Avatar image in ZITADEL
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...
Home Assistant Data Falsification Issue Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home assistant versions prior to 2023.9.0, which stems from Home assistant not setting the HTTP security header. An attacker can...
OpenShift: Missing HTTP Strict Transport Security
Openshift 4.9 does not use HTTP Strict Transport Security HSTS which may allow man-in-the-middle MITM attacks...
Storefront - Storefront URL becomes inaccessible after adding HTTP Response Header
After mitigating the HTTP Security Header Not Detected Vulnerability in IIS by adding HTTP Response Headers, the Citrix Storefront url may become inaccessible. Users might be presented with the "500 Internal server error" message...